backup/Yasso
1
0
Fork 0
mirror of https://github.com/sairson/Yasso.git synced 2026-02-09 05:23:41 +08:00
Code Issues Projects Releases Wiki Activity
Files
97045ecf4e97a542e80da0f96c955cf9f737a30e
Yasso/cmd/grdp.go
sairson a762799d38 Changes
2022-01-08 14:20:19 +08:00

167 lines
3.7 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
package cmd
import (
"Yasso/config"
"errors"
"fmt"
"github.com/spf13/cobra"
"github.com/tomatome/grdp/core"
"github.com/tomatome/grdp/glog"
"github.com/tomatome/grdp/protocol/nla"
"github.com/tomatome/grdp/protocol/pdu"
"github.com/tomatome/grdp/protocol/rfb"
"github.com/tomatome/grdp/protocol/sec"
"github.com/tomatome/grdp/protocol/t125"
"github.com/tomatome/grdp/protocol/tpkt"
"github.com/tomatome/grdp/protocol/x224"
"log"
"os"
"sync"
"time"
)
var (
BruteDomain string
)
var RdpCmd = &cobra.Command{
Use: "grdp",
Short: "RDP burst module (support proxy)",
Run: func(cmd *cobra.Command, args []string) {
if Hosts == "" {
_ = cmd.Help()
} else {
BruteRdpByUser()
}
},
}
func init() {
RdpCmd.Flags().StringVar(&BruteDomain, "domain", "", "set host domain")
}
func BruteRdpByUser() {
if BrutePort == 0 {
BrutePort = 3389
}
var ips []string
var err error
if Hosts != "" {
ips, err = ResolveIPS(Hosts)
if err != nil {
Println(fmt.Sprintf("resolve hosts address failed %v", err))
return
}
if BruteFlag == true {
users, pass := ReadTextToDic("rdp", UserDic, PassDic)
Println(Clearln + "[*] Brute Module [rdp]")
Println(fmt.Sprintf(Clearln+"[*] Have [user:%v] [pass:%v] [request:%v]", len(users), len(pass), len(users)*len(pass)*len(ips)))
SwitchBurp("rdp", users, pass, ips, BrutePort, Runtime, TimeDuration, BruteDomain)
} else {
Println(Clearln + "[*] May be you want to brute? try to add --crack")
}
}
}
//TODO: shadow1ng佬 fork的仓库并将原始代码进行了完善和修改
func RdpConn(info config.HostIn, user, password string) (bool, error) {
target := fmt.Sprintf("%s:%d", info.Host, info.Port)
g := NewClient(target, glog.NONE)
err := g.Login(info.Domain, user, password)
//var err
if err == nil {
return true, nil
}
//return true, err
return false, err
}
type Client struct {
Host string // ip:port
tpkt *tpkt.TPKT
x224 *x224.X224
mcs *t125.MCSClient
sec *sec.Client
pdu *pdu.Client
vnc *rfb.RFB
}
func NewClient(host string, logLevel glog.LEVEL) *Client {
glog.SetLevel(logLevel)
logger := log.New(os.Stdout, "", 0)
glog.SetLogger(logger)
return &Client{
Host: host,
}
}
func (g *Client) Login(domain, user, pwd string) error {
// 这里做一下修改将dial.Timeout换成GetConn的代理连接
conn, err := GetConn(g.Host, 5*time.Second)
if err != nil {
return fmt.Errorf("[dial err] %v", err)
}
defer conn.Close()
glog.Info(conn.LocalAddr().String())
g.tpkt = tpkt.New(core.NewSocketLayer(conn), nla.NewNTLMv2(domain, user, pwd))
g.x224 = x224.New(g.tpkt)
g.mcs = t125.NewMCSClient(g.x224)
g.sec = sec.NewClient(g.mcs)
g.pdu = pdu.NewClient(g.sec)
g.sec.SetUser(user)
g.sec.SetPwd(pwd)
g.sec.SetDomain(domain)
//g.sec.SetClientAutoReconnect()
g.tpkt.SetFastPathListener(g.sec)
g.sec.SetFastPathListener(g.pdu)
g.pdu.SetFastPathSender(g.tpkt)
//g.x224.SetRequestedProtocol(x224.PROTOCOL_SSL)
//g.x224.SetRequestedProtocol(x224.PROTOCOL_RDP)
err = g.x224.Connect()
if err != nil {
return fmt.Errorf("[x224 connect err] %v", err)
}
glog.Info("wait connect ok")
wg := &sync.WaitGroup{}
breakFlag := false
wg.Add(1)
g.pdu.On("error", func(e error) {
err = e
glog.Error("error", e)
g.pdu.Emit("done")
})
g.pdu.On("close", func() {
err = errors.New("close")
glog.Info("on close")
g.pdu.Emit("done")
})
g.pdu.On("success", func() {
err = nil
glog.Info("on success")
g.pdu.Emit("done")
})
g.pdu.On("ready", func() {
glog.Info("on ready")
g.pdu.Emit("done")
})
g.pdu.On("update", func(rectangles []pdu.BitmapData) {
glog.Info("on update:", rectangles)
})
g.pdu.On("done", func() {
if breakFlag == false {
breakFlag = true
wg.Done()
}
})
wg.Wait()
return err
}
Reference in New Issue View Git Blame Copy Permalink